Script to generate a video, upload it to Youtube and receive the DNS responses from the SharpCovertTube client.

• "generate": Create a QR video
• "upload": Upload a video to Youtube
• "listen": Listen for DNS queries
• "all": Create a QR video + Upload a video to Youtube + Listen for DNS queries
• "exit": Exit the program

Generating a video with a QR image:

Uploading the video:

Listening for DNS queries and decoding/decrypting the results:

Generating video + Uploading video + Listening for DNS queries:

apt-get install libgl1
pip install dnslib pillar-youtube-upload Pillow opencv-python pyqrcode pypng pycryptodome rebus

If port 53 is in use you may need to stop the systemd-resolved service:

sudo systemctl stop systemd-resolved

It is necessary to complete the config.py file:

• client_id and client_secret:

  • Go to the Google's credentials page
  • Click "Create Credentials" > "OAuth client ID" and select the "Web application" app type
  • Use "http://localhost:8080" as redirect URI and click "Create"
  • Open the OAuth client ID to grab the values

• access_token_ and refresh_token_:

  • Access the following page (after changing "YOUR_CLIENT_ID" with your client_id value):

  https://accounts.google.com/o/oauth2/auth?client_id=YOUR_CLIENT_ID&redirect_uri=http://localhost:8080&response_type=code&scope=https://www.googleapis.com/auth/youtube.upload&access_type=offline
  

  • Grab the "code" value from the previous request and execute the following CURL request (after changing "YOUR_CODE" with the code value, "YOUR_CLIENT_ID" with your client_id value and "YOUR_CLIENT_SECRET" with your client_secret value):

  curl --request POST --data "code=YOUR_CODE&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET&redirect_uri=http://localhost:8080&grant_type=authorization_code" https://oauth2.googleapis.com/token
  

• ns_subdomain: The subdomain for DNS exfiltration, in this case we will use the subdomain "steve"

• log_file (default: "log.txt"): File to store the logs

• show_banner (default: False): Show the banner

If you have not configured the DNS domain and is already pointing to a server you control, you can do it using DigitalOcean and GoDaddy.

Create a project in DigitalOcean, connect the GoDaddy's domain to it and create a droplet.

Then, add the following DNS records:

• "A" record for your domain, for example "domain.com", pointing to the droplet's IP address.
• "A" record for subdomain "ns" pointing to the droplet's IP address.
• "NS" record for a subdomain, for example "steve", pointing to the droplet's IP address.
  • NOTE: This is the subdomain we will use for DNS exfiltration.
• "NS" record redirecting to ns1.digitalocean.com (if not already in there).
• "NS" record redirecting to ns2.digitalocean.com (if not already in there).
• "NS" record redirecting to ns3.digitalocean.com (if not already in there).

After purchasing a domain in GoDaddy, visit the "DNS Management" section in GoDaddy (https://dcc.godaddy.com/manage/YOUR_DOMAIN/dns). You have to add an entry in the "Hostname" subsection, which will contain the host "ns" and will point to your DigitalOcean droplet's IP address:

Then, in "Nameservers" subsection, add the DigitalOcean nameservers if they are not already in there (ns1.digitalocean.com, ns2.digitalocean.com and ns3.digitalocean.com):